DLL: Modify ACL
A company found that many people had removed Administrator access from their mail files or their production applications on their Domino servers. Removing this access prevented many scheduled maintenance tasks from happening.

The company needed a way to put the Administrator group back into the access control list (ACL) of all databases.

Instead of writing a one-time-use application to do the trick, Breaking Par had another idea. They wrote a Dynamic Link Library (DLL) that could be used in multiple environments: Windows NT, AIX, and HP-UX. The DLL had many functions, including adding an entry to an ACL, changing the user type of an entry in the ACL, and changing the access level of an entry in the ACL. This allowed developers at the company to write a scheduled LotusScript agent that used the DLL to modify the ACLs in any specific manner they wanted.

Why was a DLL necessary? Scheduled LotusScript agents run under the authority of the person who signed the agent. If that person doesn't have Manager access to the database, the agent cannot update the ACL. Since the Administrator group had been removed from the ACL, the person signing the agent would not have enough access. The DLL bypasses server security and accesses the file locally. This, in effect, gives the DLL Manager access to the database no matter what (even if the database has "enforce consistent ACL" set). So the signer of the agent would have enough access to modify the ACL if the DLL was used.

Furthermore, using the DLL meant that the company would not have to come back to Breaking Par every time an enhancement was needed. The DLL provided generic functionality, so a company developer could write a LotusScript agent to maintain the ACL in whatever way fit the needs at the time.
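
To find which databases have the access problem described above, a scheduled agent can report on each ACL using only the standard LotusScript classes. This is an added example, not Breaking Par's code and not part of the DLL; the group name "Administrators" is an assumption, so substitute the name your Domino directory uses.

```lotusscript
Option Declare

' Assumed group name; the page only calls it "the Administrator group".
Const ADMIN_GROUP = "Administrators"

' Returns "" when the group holds Manager access, otherwise a short finding.
Function AclFinding(db As NotesDatabase) As String
	Dim acl As NotesACL
	Dim entry As NotesACLEntry
	On Error Goto Unreadable
	If Not db.IsOpen Then Call db.Open("", "")
	Set acl = db.ACL
	Set entry = acl.GetEntry(ADMIN_GROUP)
	If entry Is Nothing Then
		AclFinding = "group missing from ACL"
	Elseif entry.Level < ACLLEVEL_MANAGER Then
		AclFinding = "group below Manager (level " & Cstr(entry.Level) & ")"
	End If
	' Note databases where "enforce consistent ACL" is also set.
	If AclFinding <> "" And acl.UniformAccess Then
		AclFinding = AclFinding & ", consistent ACL enforced"
	End If
Done:
	Exit Function
Unreadable:
	' The agent runs with the signer's rights; a database the signer
	' cannot open is itself a finding.
	AclFinding = "not readable by agent signer: " & Error$
	Resume Done
End Function

Sub Initialize
	Dim session As New NotesSession
	Dim dbdir As NotesDbDirectory
	Dim db As NotesDatabase
	Dim finding As String
	' Walk every database on the server this agent is scheduled on.
	Set dbdir = New NotesDbDirectory(session.CurrentDatabase.Server)
	Set db = dbdir.GetFirstDatabase(DATABASE)
	Do Until db Is Nothing
		finding = AclFinding(db)
		If finding <> "" Then Print "ACL audit: " & db.FilePath & " - " & finding
		Set db = dbdir.GetNextDatabase
	Loop
End Sub
```

The agent only reads ACLs; in a scheduled agent the Print output goes to the server log, which gives a list of affected databases to review before any ACL is changed.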